Re: Call for Community Feedback: Guidance on Reporting Protocol Vulnerabilities

Eliot Lear <lear@cisco.com> Wed, 28 October 2020 15:27 UTC

Return-Path: <lear@cisco.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E28E53A0A99 for <ietf@ietfa.amsl.com>; Wed, 28 Oct 2020 08:27:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.6
X-Spam-Level:
X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vV-2QI7Dvm4b for <ietf@ietfa.amsl.com>; Wed, 28 Oct 2020 08:27:49 -0700 (PDT)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 693E23A0AE3 for <ietf@ietf.org>; Wed, 28 Oct 2020 08:27:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2505; q=dns/txt; s=iport; t=1603898869; x=1605108469; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=yBzNdUDEAlJLRybLpK3jC2JNW1B+X3R2syxZtoGOCcs=; b=k3Xz1YKbI+QTXDnB6qsc4cefvqAjLNzmkHDB+U3LFZl1lKQ9xS9DmYDt vKM6nqceVwfEgy9dvYMMoKPKVeNqOvmQcbGmheafE1xRqNIaqYQl9Qcrz 8onzOwof/95+B+63grIKfku0ZcntJq9UuYPXlpVY5xqk4YLe/V3qiMFIR E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BKBACajZlf/xbLJq1gHQEBAQEJARIBBQUBgg+BI4JMASAShGqJBZwaiBoLAQEBDQEBLwQBAYRKAoIGJjgTAgMBAQsBAQUBAQECAQYEbYVthXMGHQZWEAsECjQCAlcGJ4MSgn2sT3aBMoVXhHyBOI1UggCBOByCTT6HVDOCLAS4DYJ1gxiXaAMfkkWPG7Adg18CBAYFAhWBayOBVzMaCBsVZQGCPz0SGQ2caUADaAIGAQkBAQMJjkgBAQ
X-IronPort-AV: E=Sophos; i="5.77,426,1596499200"; d="scan'208,217"; a="30699927"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 28 Oct 2020 15:27:45 +0000
Received: from [10.61.234.166] ([10.61.234.166]) by aer-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 09SFRi9X023584 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 28 Oct 2020 15:27:45 GMT
From: Eliot Lear <lear@cisco.com>
Message-Id: <39FBEDBE-F889-4A70-8D12-9C658F01E64E@cisco.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_CC10934D-9059-4F97-9ED3-EC52D5909133"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Subject: Re: Call for Community Feedback: Guidance on Reporting Protocol Vulnerabilities
Date: Wed, 28 Oct 2020 16:27:44 +0100
In-Reply-To: <0112bba51cd441d786287b3fb74c3ab0@cert.org>
Cc: The IETF List <ietf@ietf.org>
To: Roman Danyliw <rdd@cert.org>
References: <5081794697df44d8bd76b675cf08dc23@cert.org> <09B0A1A1-6534-4A44-A162-9962FFF8D8B8@cisco.com> <362d68dd6117452f925322f8180de423@cert.org> <B864FFAE-3E3E-4CEF-B832-4552C8BAE70B@cisco.com> <28e48db9700d49dd97dc0023761a8906@cert.org> <0E4F9F37-6907-496F-BBCA-112FE6CA75FB@cisco.com> <0112bba51cd441d786287b3fb74c3ab0@cert.org>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-Outbound-SMTP-Client: 10.61.234.166, [10.61.234.166]
X-Outbound-Node: aer-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/RhS7SrhEho9dhTLhwDQavMxd2po>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Oct 2020 15:27:57 -0000


> 
> [Roman] To check that we’re on the same page, I see a future version of text like this as the up-front summary.  I believe we still need the existing detailed text to describe the detail process by which to engage the IETF (alluded to in this style of summary).  Agreed?
>  


Sure, but keep in mine your readership.  Don’t overprocess them, as we say in NJ.

Eliot